We present source code patterns that are difficult for modern static code analysis tools. Our study comprises 50 different open source projects in both a vulnerable and a fixed version for XSS vulnerabilities reported with CVE IDs over a period of seven years. We used three commercial and two open source static code analysis tools. Based on the reported vulnerabilities we discovered code patterns that appear to be difficult to classify by static analysis. The results show that code analysis tools are helpful, but still have problems with specific source code patterns. These patterns should be a focus in training for developers.
We compared vulnerable and fixed versions of the source code of 50 different PHP open source projects based on CVE reports for SQL injection vulnerabilities. We scanned the source code with commercial and open source tools for static code analysis. Our results show that five current state-of-the-art tools have issues correctly marking vulnerable and safe code. We identify 25 code patterns that are not detected as a vulnerability by at least one of the tools and 6 code patterns that are mistakenly reported as a vulnerability that cannot be confirmed by manual code inspection. Knowledge of the patterns could help vendors of static code analysis tools, and software developers could be instructed to avoid patterns that confuse automated tools.
Systematic Generation of XSS and SQLi Vulnerabilities in PHP as Test Cases for Static Code Analysis
(2022)
Synthetic static code analysis test suites are important to test the basic functionality of tools. We present a framework that uses different source code patterns to generate Cross Site Scripting and SQL injection test cases. A decision tree is used to determine if the test cases are vulnerable. The test cases are split into two test suites. The first test suite contains 258,432 test cases that have influence on the decision trees. The second test suite contains 20 vulnerable test cases with different data flow patterns. The test cases are scanned with two commercial static code analysis tools to show that they can be used to benchmark and identify problems of static code analysis tools. Expert interviews confirm that the decision tree is a solid way to determine the vulnerable test cases and that the test suites are relevant.
Investigation of magnetic effects on austenitic stainless steels after low temperature carburization
(2018)
Technical presentation at the 10th International European Stainless Steel Conference and 6th European Duplex Stainless Steel Conference (ESSC & DUPLEX 2019), 30.09. – 02.10.2019, Vienna, Austria
Magnetic effects on austenitic stainless steels, formed during a low temperature carburizing depending on the alloy composition, are discussed in this paper. Samples of different austenitic stainless steel alloys have been subjected to a multiple low-temperature carburization. Layer characterization with light microscope and hardness profiles show a growth of the layer thickness. The formation of an expanded austenite layer (lattice expansion) could be detected by X-ray diffraction (XRD). Feritscope was used to determine the magnetizability, whereby not all austenitic alloys form a magnetizability after treatment. Furthermore, test procedures were developed to visualize the magnetizability. For this purpose, magnetic force microscope measurements and investigations with ferrofluid were carried out and a fir tree ferromagnetic layer structure could be proven.
Small vessels or unmanned surface vehicles only have a limited amount of space and energy available. If these vessels require an active sensing collision avoidance system, it is often not possible to mount large sensor systems like X-Band radars. Thus, in this paper an energy efficient automotive radar and a laser range sensor are evaluated for tracking surrounding vessels. For these targets, these types of sensors typically generate more than one detection per scan. Therefore, an extended target tracking problem has to be solved to estimate state and extension of the vessels. In this paper, an extended version of the probabilistic data association filter that uses random matrices is applied. The performance of the tracking system using either radar or laser range data is demonstrated in real experiments.
Probabilistic data association for tracking extended targets under clutter using random matrices
(2015)
The use of random matrices for tracking extended objects has received high attention in recent years. It is an efficient approach for tracking objects that give rise to more than one measurement per time step. In this paper, the concept of random matrices is used to track surface vessels using high-resolution automotive radar sensors. Since the radar also receives a large number of clutter measurements from the water, for the data association problem, a generalized probabilistic data association filter is applied. Additionally, a modification of the filter update step is proposed to incorporate the Doppler velocity measurements. The presented tracking algorithm is validated using Monte Carlo Simulation, and some performance results with real radar data are shown as well.